Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Errors when calling global AWS services #492

Closed
meshuga opened this issue Feb 16, 2020 · 2 comments
Closed

Errors when calling global AWS services #492

meshuga opened this issue Feb 16, 2020 · 2 comments

Comments

@meshuga
Copy link

meshuga commented Feb 16, 2020
edited

Version of AWS SDK for Go?

v0.19.0
v0.18.0

Version of Go (go version)?

1.13.5

What issue did you see?

Until v0.17.0, SDK for global AWS services were working without issues when used with empty/no region. The issue was discovered when interacting with SDKs of the following AWS services:

  • IAM
  • Route53
  • Organizations

It is assumed the issue can be seen when interacting with all SDKs of AWS services with only aws-global region described in https://github.com/aws/aws-sdk-go-v2/blob/master/models/endpoints/endpoints.json.

Steps to reproduce

Try calling IAM endpoint to list IAM Roles and configure no region. The request will fail, since the only accepted region value is aws-global.

The issue was discovered in Terraformer tool when upgrading from v0.17.0 to v0.18.0. Once an update was made, the following errors are seen when calling global services:

// When calling IAM SDK
UnknownEndpointError: could not resolve endpoint
        partition: "aws", service: "iam", region: "", known: [aws-global]

// When calling route53 SDK
UnknownEndpointError: could not resolve endpoint
        partition: "aws", service: "route53", region: "", known: [aws-global]

The error is described in GoogleCloudPlatform/terraformer#385.

Related PR in SDK Go V2: #420
@jasdel
Copy link
Contributor

jasdel commented Feb 26, 2020
edited

Thanks for reaching out @meshuga. The behavior you're experiencing is the intended behavior of the SDK. The SDK was incorrectly not checking for a valid region when resolving the endpoint for a service in some cases. The SDK's behavior to allow empty region to resolve to a endpoint was not intended.

Using aws-global is the best way to provide the correct region for endpoint resolving. A reason for this change also is that services like IAM also have global endpoints in other partitions such as AWS China (aws-cn-global) and AWS GovCloud (US) (aws-us-gov-global).

The aws-global region identifier is valid for a subset of the AWS services, and should be supported by the other AWS SDKs as well.

The v1 aws-sdk-go did not force this change in order to maintain backwards compatibility since the bug has been present in that version of the SDK for a very long time.

@meshuga
Copy link
Author

meshuga commented Feb 27, 2020
edited

Okay, I’m fine with that. Thanks for the extensive explanation!

@meshuga meshuga closed this as completed Feb 27, 2020
@meshuga meshuga mentioned this issue Mar 31, 2020
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jasdel @meshuga